def _prepare_raw(self, database, addr):
    """
    Build one report line per event stored for `addr`.

    Each line names the source that raised the event and its weight. The raw
    payload (which can take the form of a csv line or an email) is appended
    verbatim unless `utils.is_base64_encoded` flags it as base64; such
    payloads are treated as e-mails and withheld from the report.

    :param database: The DB instance
    :param str addr: Related IP address
    :rtype array:
    :return: Array of raw data for each event entry
    """
    def _describe(entry):
        summary = "Raised by {} with a weight of {}.".format(
            entry['source'], str(entry['weight']))
        payload = entry['data']
        # Emails are stored as b64; they are never copied into the report.
        if utils.is_base64_encoded(payload):
            return "{} This is an e-mail and it won't be displayed in this report.".format(
                summary)
        # NOTE(review): the payload is inserted as-is and presumably originates
        # outside this service (csv line); whatever renders the report should
        # treat it as untrusted text -- confirm escaping at the rendering layer.
        return "{} Raw data:\n{}".format(summary, payload)

    return [_describe(entry) for entry in database.find_all_event_data_for_ip(addr)]
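def get_reputation_events_for_source(addr, source, start_date):
    """
    Get reputation events with full data (raw data included) for a given ip
    and a given source.

    The first non-empty payload is probed with `utils.is_base64_encoded`; when
    it is base64, every non-empty payload in the result is base64-decoded to
    text. Bytes that are not valid UTF-8 are replaced instead of raising, so a
    single oddly-encoded payload cannot make the whole lookup fail.

    :param str addr: Ip the reputation must be computed with
    :param str source: Source short name to get events of
    :param int start_date: Timestamp the events must be retrieved from
    :rtype: array
    :return: Array of events
    """
    with mongo.Mongo() as database:
        events = database.find_all_event_data_for_ip(addr, start_date, True)
        result = [event for event in events
                  if event['source'] == _map_source_from_shortname(source)]

        # Only the first non-empty payload is probed; the outcome is applied
        # to every event of this source.
        # NOTE(review): this assumes a source never mixes encoded and plain
        # payloads -- confirm against the writers of this collection.
        first_payload = next((event['data'] for event in result if event['data']), None)
        is_encoded = first_payload is not None and utils.is_base64_encoded(first_payload)

        if is_encoded:
            for event in result:
                if event['data']:
                    # The decoded payload is externally supplied content and
                    # is not guaranteed to be UTF-8: a strict decode would
                    # raise UnicodeDecodeError on the first foreign byte.
                    event['data'] = base64.b64decode(event['data']).decode(
                        'utf-8', errors='replace')

        return result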
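def get_reputation_events_for_source(addr, source, start_date):
    """
    Get reputation events with full data (raw data included) for a given ip
    and a given source.

    The first non-empty payload is probed with `utils.is_base64_encoded`; when
    it is base64, every non-empty payload in the result is base64-decoded to
    text. Decoding goes through the `base64` module because the
    `str.decode('base64')` codec shortcut only exists on Python 2 and raises
    AttributeError on a Python 3 `str`.

    :param str addr: Ip the reputation must be computed with
    :param str source: Source short name to get events of
    :param int start_date: Timestamp the events must be retrieved from
    :rtype: array
    :return: Array of events
    """
    # Imported locally so the function does not depend on a module-level import.
    import base64

    with mongo.Mongo() as database:
        events = database.find_all_event_data_for_ip(addr, start_date, True)
        result = [event for event in events
                  if event['source'] == _map_source_from_shortname(source)]

        # Find the first data to determine whether data are b64 encoded or not.
        # NOTE(review): the outcome is applied to every event, which assumes a
        # source never mixes encoded and plain payloads -- confirm.
        is_encoded = False
        for event in result:
            if event['data']:
                is_encoded = utils.is_base64_encoded(event['data'])
                break

        # If data are encoded, then decode all non-empty payloads.
        if is_encoded:
            for event in result:
                if event['data']:
                    # Payload bytes are externally supplied and not guaranteed
                    # to be UTF-8; replace undecodable bytes instead of letting
                    # one event abort the whole lookup.
                    event['data'] = base64.b64decode(event['data']).decode(
                        'utf-8', errors='replace')

        return result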
def _prepare_raw(self, database, addr):
    """
    Collect, for every event attached to `addr`, a line describing what
    raised it (the raw data can take the form of a csv line or an email).

    Payloads that `utils.is_base64_encoded` reports as base64 are treated as
    e-mails and replaced by a fixed notice; any other payload is appended to
    the line unchanged.

    :param Mongo database: `Mongo` instance
    :param str addr: Related IP address
    :rtype array:
    :return: Array of raw data for each event entry
    """
    report_lines = []
    for event in database.find_all_event_data_for_ip(addr):
        prefix = "Raised by {} with a weight of {}.".format(event['source'], str(event['weight']))

        # Emails are encoded as b64 to avoid any side effects; keep them out.
        if utils.is_base64_encoded(event['data']):
            report_lines.append(
                "{} This is an e-mail and it won't be displayed in this report.".format(prefix))
            continue

        # NOTE(review): the raw payload is copied verbatim; it presumably comes
        # from outside this service, so the report consumer should handle it
        # as untrusted text -- confirm.
        report_lines.append("{} Raw data:\n{}".format(prefix, event['data']))
    return report_lines
def test_is_base64_encoded(self):
    # Plain text must be rejected by utils.is_base64_encoded and a genuine
    # base64 string accepted. The encoded sample is built from bytes and
    # decoded so the helper receives a text string.
    plain_text = "Hello world !!"
    encoded_text = base64.b64encode(b"Hello\nWorld !!!").decode()

    cases = (
        (plain_text, self.assertFalse),
        (encoded_text, self.assertTrue),
    )
    for sample, check in cases:
        check(utils.is_base64_encoded(sample))
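def test_is_base64_encoded(self):
    # Plain text must be rejected by utils.is_base64_encoded and a genuine
    # base64 string accepted.
    str1 = "Hello world !!"
    # b64encode() only accepts bytes on Python 3 (a str argument raises
    # TypeError), so encode a bytes literal and turn the result back into
    # text before handing it to the helper.
    str2 = base64.b64encode(b"Hello\nWorld !!!").decode()

    self.assertFalse(utils.is_base64_encoded(str1))
    self.assertTrue(utils.is_base64_encoded(str2))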